x3nr0s

Reputation: 2158

AWS S3 Bucket Policy with Empty Principal Array

I have an old S3 bucket policy that grants full S3 access to a few principals. Upon editing the policy I received the error:

Invalid Principle in Policy

It turns out that all of the principals within my statement were of the format, for example, AIDADJFUT4RIFUGHRU7FU. Is this a removed account?

I removed all instances of these invalid principals, and now I have an empty array. I was planning on leaving this array empty for now, but I want to make sure that I am not accidentally leaving my S3 bucket open to the world.

Is the following policy secure?

{
    "Version": "2008-10-17",
    "Id": "Policy123456789",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "AWS": []
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::my-bucket/my-directory/*"
            ]
        }
    ]
}

Upvotes: 0

Views: 2155

Answers (1)

zED

Reputation: 358

You could just simply leave the policy as is and change the Effect from Allow to Deny.

An open policy would require the Principal to be set as a wildcard: '*', for example:

"Principal":"*"

or

"Principal":{"AWS":"*"}

These would make the statement open to the world.

Upvotes: 2
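As an added example (not from the question or answer above), here is a small offline checker that applies the answer's rule to a bucket policy: it flags any Allow statement whose Principal is one of the wildcard forms ("*" or {"AWS":"*"}, including "*" inside an "AWS" list) as public, and flags statements with an empty principal as granting nothing. The policies embedded below are constructed sample input; the first mirrors the question's policy.

```python
import json

# Constructed sample input: the question's policy with the empty "AWS" array.
EMPTY_PRINCIPAL_POLICY = {
    "Version": "2008-10-17",
    "Id": "Policy123456789",
    "Statement": [{
        "Sid": "",
        "Effect": "Allow",
        "Principal": {"AWS": []},
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::my-bucket/my-directory/*"],
    }],
}

# Constructed sample input: a statement open to the world, as the answer describes.
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Open",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my-bucket/*",
    }],
}

def principal_is_wildcard(principal):
    """True when Principal matches everyone: "*" or {"AWS": "*"} (or "*" in an AWS list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def principal_is_empty(principal):
    """True when the statement names no principal at all (empty array, empty object, missing)."""
    if isinstance(principal, dict):
        return all(not value for value in principal.values())
    return principal in (None, [], "")

def audit_policy(policy):
    """Return (sid, finding) pairs for statements a reviewer should look at."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        sid = stmt.get("Sid") or f"statement-{index}"
        principal = stmt.get("Principal")
        if stmt.get("Effect") == "Allow" and principal_is_wildcard(principal):
            findings.append((sid, "PUBLIC: Allow with wildcard principal"))
        elif principal_is_empty(principal):
            findings.append((sid, "NO-OP: empty principal, statement grants nothing"))
    return findings

if __name__ == "__main__":
    for policy in (EMPTY_PRINCIPAL_POLICY, PUBLIC_POLICY):
        print(json.dumps(audit_policy(policy)))
```

The checker looks only at the Principal element; conditions, NotPrincipal and account-level Block Public Access settings are outside its scope.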
